Fix issue for unauthorized studies global message #4138
Conversation
|
Docs update PR: cBioPortal/cbioportal#9272 |
|
Added fix for issue cBioPortal/cbioportal#9255 |
| result[studyId] = [studyId]; | ||
| if (isQueriedStudyAuthorized(study)) { | ||
| result[studyId] = [studyId]; | ||
| } |
There was a problem hiding this comment.
it seems at least possible that an unauthorized study could make it's way into a virtual study from a user that has privelages to it. see below where we add studyids from virtual studies. should we do same check? or perhaps we should just fail so that a user will know that there is a "problem" with virtual study.
There was a problem hiding this comment.
I didn't add it because the unauthorized studies feature shouldn't apply to the virtual studies. Also in the StudyViewPageStore, I see that the isQueriedStudyAuthorized is added only to the physical studies.
There was a problem hiding this comment.
it seems at least possible that an unauthorized study could make it's way into a virtual study from a user that has privelages to it.
This is already the case when not running with the unauthorized studies feature. Or am I missing something in your feedback?
- Fixed the issue where the html inside the global message would not
be interpreted by the browser, when there was no placeholders.
- Fixed issue 9255 where SELECT ALL selects unauth studies as well
- Allow {$.studyId} placeholder in the unauth studies message
dianab0
force-pushed
the
unauth-studies-fix
branch
from
b10bb88 to
c69238a
Compare
|
Rebased and pushed everything (including fixes for review comments) under one single commit |
This PR fixes two problems:
Plus, it allows the use of {$.studyId} placeholder in the global message of unauthorized studies.